#!/bin/bash

# Switch the Rocky repo definitions from the upstream mirrorlist to the
# SJTUG mirror. Each edited file keeps a copy with a .bak suffix.
echo -e "\033[32m  更换yum源为国内源 \033[0m"
# The sed expressions are single-quoted, so $contentdir reaches sed as the
# literal text found in the repo files rather than as a shell variable.
# Only mirrorlist/baseurl lines are rewritten; the gpgcheck/gpgkey lines are
# not touched, so signature checking stays as the repo files define it.
sudo sed --in-place=.bak \
  --expression='s|^mirrorlist=|#mirrorlist=|g' \
  --expression='s|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.sjtug.sjtu.edu.cn/rocky|g' \
  /etc/yum.repos.d/Rocky-*.repo

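# Install base tooling, enable time synchronisation and set the timezone.
echo -e "\033[32m  安装必要的一些Linux系统工具 \033[0m"
# epel-release is installed in its own step, before the tool install below.
sudo dnf install -y epel-release
sudo dnf install -y wget net-tools vim chrony tar telnet socat conntrack ebtables ipset
sudo systemctl enable --now chronyd
# The previous `sudo yes|cp ...` elevated only `yes`; cp itself ran without
# privileges. cp also writes through the destination when /etc/localtime is
# a symlink, overwriting the zoneinfo file it points to. Replacing the link
# avoids both problems.
sudo ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime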

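# Disable swap, SELinux and the host firewall.
echo -e "\033[32m  禁用swap,selinux,firewalld \033[0m"
# Turn swap off for the running system; the fstab edit alone only takes
# effect after a reboot.
sudo swapoff -a
# Comment out only active fstab entries that have a whitespace-delimited
# "swap" field. Lines that are already comments are skipped, so re-running
# the script does not stack extra '#' characters.
sudo sed -i '/^[[:space:]]*#/! s/^.*[[:space:]]swap[[:space:]].*$/#&/' /etc/fstab
# NOTE(review): SELINUX=disabled removes mandatory access control entirely
# after the next boot. SELINUX=permissive would also stop enforcement while
# still logging denials -- confirm that a full disable is really required.
sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# NOTE(review): with firewalld stopped and disabled this host filters no
# traffic itself; port exposure then depends on controls outside this script
# (presumably network ACLs or security groups -- verify they exist).
sudo systemctl disable --now firewalld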

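# SSH tuning: server-side login latency options plus one client-side change.
echo -e "\033[32m  提升ssh访问速度 \033[0m"
# Server side: skip the reverse-DNS lookup and GSSAPI negotiation at login.
# The sed 'c' command replaces every line that mentions the keyword,
# commented or not; if no line mentions it, nothing is written.
sudo sed -ri '/UseDNS/cUseDNS no' /etc/ssh/sshd_config
sudo sed -ri '/GSSAPIAuthentication/cGSSAPIAuthentication no' /etc/ssh/sshd_config
# NOTE(review): this edits the system-wide *client* config and is unrelated
# to login speed. With StrictHostKeyChecking set to "no", unknown host keys
# are added automatically and a changed key no longer aborts the connection,
# so a spoofed or intercepted server goes unnoticed by every ssh/scp user on
# this host. If the goal is only to avoid the first-connection prompt,
# "accept-new" still rejects changed keys. Kept as-is pending confirmation.
sudo sed -ri '/#   StrictHostKeyChecking ask/c    StrictHostKeyChecking no' /etc/ssh/ssh_config
# Validate the edited server config before restarting. Restarting sshd on a
# broken sshd_config can cut off remote administration of the host.
if sudo sshd -t; then
  sudo systemctl restart sshd
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi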

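# Stop SELinux enforcement for the running system and persist the change.
# NOTE(review): SELINUX=disabled turns mandatory access control off entirely
# after reboot; SELINUX=permissive would keep denial logging -- confirm.
sudo setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Kernel network settings for the Kubernetes node.
# The file is written through `sudo tee` because a plain `>` redirect is
# opened by the calling shell, which fails when the script is not run as root.
# net.ipv4.tcp_tw_recycle is no longer written: the key was removed from
# Linux in 4.12, so `sysctl -p` reported an error for it, and on kernels that
# had it the setting broke connections from clients behind NAT.
sudo tee /etc/sysctl.d/k8s.conf > /dev/null << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_tw_buckets = 5000
EOF

# The net.bridge.* keys exist only while br_netfilter is loaded. Load it now
# and register it with systemd-modules-load so the keys can also be applied
# after a reboot.
sudo modprobe br_netfilter
echo br_netfilter | sudo tee /etc/modules-load.d/br_netfilter.conf > /dev/null
sudo sysctl -p /etc/sysctl.d/k8s.conf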

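# Write a helper script that loads the IPVS kernel modules, run it once and
# list the loaded modules.
echo -e "\033[43m *** [Step4] activate ipvs modules *** \033[0m"
sudo mkdir -p /etc/sysconfig/modules
# Written through `sudo tee`: a plain `>` redirect is opened by the calling
# shell and fails when the script is not run as root.
# NOTE(review): whether anything executes /etc/sysconfig/modules/*.modules at
# boot on this release is not shown here -- confirm, or list the modules
# under /etc/modules-load.d/ as well.
sudo tee /etc/sysconfig/modules/ipvs.modules > /dev/null << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
# nf_conntrack_ipv4 was merged into nf_conntrack in newer kernels; try the
# old name first and fall back so the script succeeds on both.
modprobe -- nf_conntrack_ipv4 2>/dev/null || modprobe -- nf_conntrack
EOF
# The grep pattern nf_conntrack also matches nf_conntrack_ipv4 where that
# module still exists.
sudo chmod 755 /etc/sysconfig/modules/ipvs.modules \
  && sudo bash /etc/sysconfig/modules/ipvs.modules \
  && lsmod | grep -e ip_vs -e nf_conntrack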

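# Install the userspace tools for inspecting IPVS rules and IP sets.
echo -e "\033[32m  安装必要的一些k8s依赖工具 \033[0m"
# Run through sudo like the other dnf calls in this script, so the install
# does not fail when the script is started by a non-root user.
sudo dnf install -y ipvsadm ipset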